Jul 19, 2021 - Technology

U.S. and key allies accuse China of Microsoft Exchange cyberattacks

Illustration: Eniola Odetunde/Axios

The U.S., NATO and other allies are collectively calling out China for malicious cyberattacks, including a March attack that exploited a flaw in Microsoft's Exchange Server.

Why it matters: It's the first time that NATO, a military alliance founded in 1949 to confront the Soviet Union, has signed onto a formal condemnation of China's cyber activities.

Zoom in: Authorities are detailing more than 50 different techniques that Chinese state-sponsored actors used, and offering up recommended mitigations that businesses and organizations can take.

  • The U.S. says that China's Ministry of State Security is using contract hackers to conduct the attacks, many of which are being done for profit, including via ransomware.
  • The U.S., NATO, European Union, U.K., Australia, Canada, New Zealand and Japan say they can now, "with high confidence," attribute the March attack using the Exchange flaw to cyberattackers affiliated with China's state security ministry. That attack crippled thousands of computers around the world.

As part of Monday's announcement, the Justice Department unveiled criminal charges against four Ministry of State Security hackers for a "multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education, and healthcare in at least a dozen countries."

Between the lines: There are a number of countries that have been blamed for past cyberattacks, including China, Iran, Russia and North Korea.

  • The U.S. says Russian government hackers have been known to sometimes also "moonlight" in for-profit attacks, but in this case it was the Chinese military working directly with the attackers.

What's next: The U.S. says it has raised its concerns with Chinese authorities and has not ruled out a further response, but it also cautioned that no one action is likely to deter China.

  • Rather, the administration is pointing to a number of recent steps taken on cybersecurity, including executive orders, work with the EU and G7, and new rules for pipeline and other critical infrastructure providers.

The big picture: NATO leaders last month took their strongest position yet on the threat from China, releasing a communique that characterized Beijing's growing influence, military prowess and assertive behavior as "systemic challenges to the rules-based international order."